author | Ken Raeburn <raeburn@mit.edu> | 1999-06-30 19:28:13 +0000 |
---|---|---|
committer | Ken Raeburn <raeburn@mit.edu> | 1999-06-30 19:28:13 +0000 |
commit | cc404230c2bede6dce78ee19f88d879b5e27b71f (patch) | |
tree | b2b0962743aef1384a4a7a2e5c5313b596951db6 /src/kdc/dispatch.c | |
parent | 2ee7c8e0714dce64604bc37fee6272286b6bcf3a (diff) | |
Disable lookaside cache. It's needed if the replay cache is enabled, and could
theoretically make certain attacks more difficult, but the replay cache is
disabled, the attack is very difficult compared to other existing attacks
(would need huge numbers of queries), and under heavy load the lookaside cache
degrades performance.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11538 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kdc/dispatch.c')
-rw-r--r-- | src/kdc/dispatch.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/kdc/dispatch.c b/src/kdc/dispatch.c
index 7446ea5f8..824a3af0d 100644
--- a/src/kdc/dispatch.c
+++ b/src/kdc/dispatch.c
@@ -42,12 +42,14 @@ dispatch(pkt, from, portnum, response)
 /* decode incoming packet, and dispatch */
+#ifndef NOCACHE
 /* try the replay lookaside buffer */
 if (kdc_check_lookaside(pkt, from, response)) {
 /* a hit! */
 krb5_klog_syslog(LOG_INFO, "DISPATCH: replay found and re-transmitted");
 return 0;
 }
+#endif
 /* try TGS_REQ first; they are more common! */
 if (krb5_is_tgs_req(pkt)) {
@@ -70,9 +72,11 @@ dispatch(pkt, from, portnum, response)
 #endif
 else retval = KRB5KRB_AP_ERR_MSG_TYPE;
+#ifndef NOCACHE
 /* put the response into the lookaside buffer */
 if (!retval) kdc_insert_lookaside(pkt, from, *response);
+#endif
 return retval;
 } |
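Review bot: The two `#ifndef NOCACHE` guards (around `kdc_check_lookaside` in the first hunk and `kdc_insert_lookaside` in the second) are undocumented, and nothing visible in this file defines `NOCACHE`, so whether the lookaside cache is actually off depends on a build setting a reader cannot find from here. The commit message says the lookaside cache is needed when the replay cache is enabled, so I would record that dependency at the first guard, e.g. `/* NOCACHE: skip the lookaside buffer; must not be defined when the KDC replay cache is enabled */`, and ideally back it with an `#error` keyed on whichever macro enables the replay cache (not visible in this diff). With `NOCACHE` defined the `DISPATCH: replay found and re-transmitted` log line is also compiled out, so duplicate requests are presumably re-processed and answered afresh with no log signal; anyone alerting on that message should be told. The body of `dispatch` begins before the first hunk.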